oauth2client.contrib.gce module

Utilities for Google Compute Engine

Utilities for making it easier to use OAuth 2.0 on Google Compute Engine.

class oauth2client.contrib.gce.AppAssertionCredentials(email=None, *args, **kwargs)[source]

Bases: oauth2client.client.AssertionCredentials

Credentials object for Compute Engine Assertion Grants

This object will allow a Compute Engine instance to identify itself to Google and other OAuth 2.0 servers that can verify assertions. It can be used for the purpose of accessing data stored under an account assigned to the Compute Engine instance itself.

This credential does not require a flow to instantiate because it represents a two legged flow, and therefore has all of the required information to generate and refresh its own access tokens.

Note that service_account_email and scopes will both return None until the credentials have been refreshed. To check whether credentials have previously been refreshed use invalid.

create_scoped_required()[source]

Whether this Credentials object is scopeless.

create_scoped(scopes) method needs to be called in order to create a Credentials object for API calls.

classmethod from_json(json_data)[source]

Instantiate a Credentials object from a JSON description of it.

The JSON should have been produced by calling .to_json() on the object.

Parameters:json_data – string or bytes, JSON to deserialize.
Returns:An instance of a Credentials subclass.
retrieve_scopes(http)[source]

Retrieves the canonical list of scopes for this access token.

Overrides client.Credentials.retrieve_scopes. Fetches scopes info from the metadata server.

Parameters:http – httplib2.Http, an http object to be used to make the refresh request.
Returns:A set of strings containing the canonical list of scopes.
serialization_data
sign_blob(blob)[source]

Cryptographically sign a blob (of bytes).

This method is provided to support a common interface, but the actual key used for a Google Compute Engine service account is not available, so it can’t be used to sign content.

Parameters:blob – bytes, Message to be signed.
Raises:NotImplementedError, always.
to_json()[source]

Creating a JSON representation of an instance of Credentials.

Returns:string, a JSON representation of this instance, suitable to pass to from_json().